SYS-255 - Lab 2 - connor0329/repository-1 GitHub Wiki
What we did in this lab
1. Changing the ad01 VM's network adapter to the proper LAN
In Vsphere I edited ad01 virtual hardware settings so that it was on the correct LAN
EX:
- Right click on ad01, edit settings
- Select the "Network Adapter 1" drop down and change it to "SYS-255-02-LAN"
2. Host and network configuration
Using server manager and Windows "Network and Internet settings," I set the proper IP address, Netmask, Gateway, and DNS as well as changed my computer name to, "ad01-connor"
EX:
Network Configuration
- Click on the internet tab in the bottom right of the home screen, Network and Internet settings
- Change adapter options
- Double click Ethernet
- Properties
- Click on IPv4, properties
- Fill out the proper configurations:
- IP Address: 10.0.5.5
- Netmask: 255.255.255.0
- Gateway 10.0.5.2
- DNS 10.0.5.2
Host configuration
- Open Server Manager
- Select the local server tab on the left
- Select Computer name, change
- Change the computer name to "ad01-connor"
3. Installing the AD DS role
Using Server Manager I added the ADDS role and started the installation
EX:
- In server manager click "manage" in the top right, add Roles and Features
- Click next until you get to the "server roles" tab
- Click on "Active Directory Domain Services", add features
- Click next until you can start the install
4. Configuring the server to be the primary domain controller for my domain (connor.local)
Using Server manager I promoted the server to a domain controller
EX:
- In Server Manager click on the flag with a yellow "!"
- Click "Promote this server to a domain controller"
- In the "deployment configuration" tab click "add a new forest", type "connor.local"
- Type in a DSRM password, "Lacrossekid3"
- Click next until you can start the install, this will end with a reboot
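Steps 2 through 4 as an added PowerShell example (not the lab page's own steps), run from an elevated PowerShell on ad01; it assumes the adapter is named "Ethernet" and that "CONNOR" is an acceptable NetBIOS name, and it prompts for the DSRM password instead of writing it into the script.

```powershell
# Added example, not from the lab page. Run in an elevated PowerShell on ad01.
# Assumptions: the adapter is named "Ethernet"; NetBIOS name "CONNOR" is acceptable.

# Step 2a: static IPv4 settings from the lab (10.0.5.5/24, gateway and DNS 10.0.5.2).
$nic = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress "10.0.5.5" `
    -PrefixLength 24 -DefaultGateway "10.0.5.2"
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses "10.0.5.2"

# Step 2b: hostname. Rename-Computer reboots the server; continue from Step 3 afterwards.
if ($env:COMPUTERNAME -ne "AD01-CONNOR") {
    Rename-Computer -NewName "ad01-connor" -Force -Restart
}

# Step 3: the AD DS role plus its management tools (ADUC, DNS Manager, ADDSDeployment module).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 4: promote to the first DC of a new forest. The DSRM password is prompted for,
# never hard-coded; -InstallDns makes ad01 the DNS server for connor.local.
$dsrm = Read-Host -Prompt "DSRM (Safe Mode) password" -AsSecureString
# Dry run first: reports the same warnings the wizard shows (including the .local one).
Test-ADDSForestInstallation -DomainName "connor.local" -SafeModeAdministratorPassword $dsrm
Install-ADDSForest -DomainName "connor.local" -DomainNetbiosName "CONNOR" `
    -SafeModeAdministratorPassword $dsrm -InstallDns -Force
# The server reboots when promotion finishes, exactly as the GUI wizard does.
```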
5. Adding a DNS record for fw01
After reboot and logging in as "domain administrator," using DNS Manager in Server Manager and forward and reverse lookup zones, I created a DNS record so that I can resolve "fw01.connor.local" to the IP address 10.0.5.2. This is important because we can otherwise only access fw01 by IP address, not by name.
EX:
Forward Lookup Zone
- Open server manager, click the DNS tab
- Right click on "AD01-CONNOR", select "DNS Manager"
- Click the drop down for "Forward Lookup Zones"
- Right click "connor.local", "New Host A or AAAA"
- In the "name" field type "fw01-connor", in the "IP address" field type, "10.0.5.2"
- Check the, "Update associated pointer (PTR) record"
Reverse Lookup Zone
- Right click "Reverse Lookup Zones"
- Select "New Zone"
- Click next until you get to Network ID, type "10.0.5"
- Click next until finished
Create a new PTR record from the A record of "fw01-connor" and "ad01-connor"
- Click back on "connor.local" from the "Forward Lookup Zone" tab
- Right click on "ad01-connor", properties
- Uncheck "Update associated pointer (PTR) record", click apply, ok
- Right click again on "ad01-connor" , properties
- Check "Update associated pointer (PTR) record", click apply, ok
- Repeat those same 4 previous steps for "fw01-connor"
- Click the drop down menu for "Reverse Lookup Zones", select 5.0.10.in-addr.arpa
- The reverse DNS entries for fw01 (10.0.5.2) and ad01 (10.0.5.5) should now be in the 5.0.10 reverse lookup zone
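Step 5 as an added PowerShell example (not the lab page's own steps), run on ad01 after the promotion reboot. It assumes the record is named "fw01" so that the FQDN is fw01.connor.local as the text intends, adds the DC's own PTR directly instead of the uncheck/recheck trick, and ends with checks of forward and reverse resolution plus the loopback DNS client and forwarder to fw01 that the questions below describe.

```powershell
# Added example, not from the lab page. Run in an elevated PowerShell on ad01 after promotion.
# Assumption: the host record is named "fw01" (FQDN fw01.connor.local) rather than "fw01-connor".
Import-Module DnsServer

$zone  = "connor.local"
$rzone = "5.0.10.in-addr.arpa"

# Reverse lookup zone for 10.0.5.0/24 (the wizard's "Network ID 10.0.5"), AD-integrated.
if (-not (Get-DnsServerZone -Name $rzone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId "10.0.5.0/24" -ReplicationScope "Domain"
}

# A record for fw01; -CreatePtr is the "Update associated pointer (PTR) record" checkbox.
Add-DnsServerResourceRecordA -ZoneName $zone -Name "fw01" -IPv4Address "10.0.5.2" -CreatePtr

# ad01's A record was created before the reverse zone existed, so add its PTR explicitly.
Add-DnsServerResourceRecordPtr -ZoneName $rzone -Name "5" -PtrDomainName "ad01-connor.connor.local"

# Checks against the local DNS service: forward, reverse, and the reverse zone contents.
Resolve-DnsName -Name "fw01.connor.local" -Server 127.0.0.1 -Type A
Resolve-DnsName -Name "10.0.5.2" -Server 127.0.0.1 -Type PTR
Resolve-DnsName -Name "10.0.5.5" -Server 127.0.0.1 -Type PTR
Get-DnsServerResourceRecord -ZoneName $rzone -RRType Ptr

# After promotion the DC uses itself (127.0.0.1) as DNS client and forwards everything
# it is not authoritative for; the forwarder should be fw01 (10.0.5.2).
Get-DnsClientServerAddress -InterfaceIndex (Get-NetAdapter -Name "Ethernet").ifIndex -AddressFamily IPv4
Get-DnsServerForwarder
if (-not (Get-DnsServerForwarder).IPAddress) {
    Add-DnsServerForwarder -IPAddress "10.0.5.2"
}
```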
6. Create named domain users on ad01
Using server manager and "AD DS" (Active Directory Domain Services) I created a named domain administrator account and a non-privileged user account
EX:
Domain Administrator Account
- Select the "AD DS" tab in server manager
- Right click "AD01-CONNOR", select "Active Directory Users and Computers"
- Right click "Users", "New", "User"
- Fill out the fields like this
- Uncheck "User must change password at next login"
- Right click on the new user just made, "Connor McCracken (adm)", and select "Add to a group"
- In the "Enter the object names to select" field type "Domain Admins"
Non-Privileged Account
- Follow the first 3 steps from above (Domain Administrator Account)
- Fill out the fields like this
7. Preparing wks01 to join connor.local
In wks01 I changed the DNS server and the domain member so it can join connor.local
EX:
Changing DNS Server
- Launch "wks01-SYS-255-02"
- Click on the internet tab in the bottom right, "Network and Internet Settings"
- Select Ethernet, "Change Adapter Options"
- Double click "Ethernet0"
- Properties
- Select "Internet Protocol Version 4 (TCP/IPv4)", properties
- In the "Preferred DNS Server" field, enter "10.0.5.5"
Joining wks01 to my New Domain
- Open Control Panel
- Select "System and Security", "System"
- In the "Computer name, domain, and workgroup settings" section click on "Change settings"
- Click "Change"
- In the "Domain" section type "connor"
- If everything is done correctly you should be prompted for an administrator username and password
- Username: connor.mccracken-adm
- Password: Lacrossekid3
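Steps 6 and 7 as an added PowerShell example (not from the lab page): the first part runs on ad01, the second on wks01 as a local administrator. It assumes the wks01 adapter is named "Ethernet0" as in the text and prompts for every password instead of embedding it.

```powershell
# Added example, not from the lab page.
# Assumptions: wks01's adapter is "Ethernet0"; all passwords are entered at the prompt.

# ---- Step 6, run on ad01 ----
Import-Module ActiveDirectory
$ou = "CN=Users,DC=connor,DC=local"   # the default Users container used in the GUI

$pwAdm = Read-Host -Prompt "Password for connor.mccracken-adm" -AsSecureString
New-ADUser -Name "Connor McCracken (adm)" -SamAccountName "connor.mccracken-adm" `
    -UserPrincipalName "connor.mccracken-adm@connor.local" -Path $ou `
    -AccountPassword $pwAdm -Enabled $true -ChangePasswordAtLogon $false
Add-ADGroupMember -Identity "Domain Admins" -Members "connor.mccracken-adm"

$pwUsr = Read-Host -Prompt "Password for connor.mccracken" -AsSecureString
New-ADUser -Name "Connor McCracken" -SamAccountName "connor.mccracken" `
    -UserPrincipalName "connor.mccracken@connor.local" -Path $ou `
    -AccountPassword $pwUsr -Enabled $true -ChangePasswordAtLogon $false

# Check: only the intended accounts hold Domain Admins.
Get-ADGroupMember -Identity "Domain Admins" | Select-Object SamAccountName

# ---- Step 7, run on wks01 as a local administrator ----
$nic = Get-NetAdapter -Name "Ethernet0"
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses "10.0.5.5"

# The join can only succeed once wks01 can locate a DC through that DNS server.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.connor.local" -Type SRV

# The lab joins with the named domain admin; by default any domain user may join a
# machine too, so a less privileged account would also work here.
$cred = Get-Credential -UserName "CONNOR\connor.mccracken-adm" -Message "Domain join credentials"
Add-Computer -DomainName "connor.local" -Credential $cred -Restart
```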
Important information in this lab
What does the "AD DS role" do and why do I need it?
- The AD DS role is essential for managing network resources
- It provides a centralized system to store information about users, computers, and other devices on a network which makes it easier to manage resources
- It also integrates with DNS to resolve domain names to IP addresses so devices on the network can locate and communicate with each other
Why did I need to make the server the "primary domain controller" and what does a "domain controller" do?
- You need to configure the server to be the primary domain controller to manage and control the Active Directory (AD) for your network
- Configuring your server as the primary domain controller makes it the main point for important tasks (listed below) in your network environment
- A domain controller (DC) is a server that authenticates and authorizes users, manages security policies, and stores AD data (user accounts, passwords, and computer names)
- It makes sure everyone on the network can securely access shared resources, like files or printers, and helps to enforce network rules
What is the "DNS error" for after making the server a "primary domain controller?"
- The DNS error is due to the fact that I gave my environment a ".local" top level domain, because it is intended for internal network use only (not accessible from the internet)
- Valid top level domains would be ".com", ".gov", ".edu", and ".net"
Why does the DNS server point back to 127.0.0.1? (Right after step 4)
- After reboot the DNS server points to 127.0.0.1 (the local loopback address) because the server I set up is now acting as its own DNS server
- Ensures the server can resolve domain names locally without having to rely on an external DNS server
- By pointing to 127.0.0.1, the server can handle DNS queries for its own network, which improves performance and makes sure devices with the local domain can be found and communicated with efficiently
- DNS queries not handled locally are forwarded to "fw01" which will in turn forward to its DNS Server.
Why do I need a "DNS record" and what does it do? (Step 5)
- Adding a DNS record allows devices on my network to resolve hostnames (like "fw01.connor.local") to their IP addresses (like "10.0.5.2")
- DNS records allow devices using my server as their DNS to find and connect to other devices by name instead of remembering IP addresses
- Adding a DNS record makes network communication more user-friendly, organized, and efficient
What does the "Forward Lookup Zone" do?
- The forward lookup zone is a part of the DNS server that maps domain names (like "fw01.connor.local") to their IP addresses (like "10.0.5.2")
- It allows devices on the network to find other devices or services by name
What does the "Reverse Lookup Zone" do?
- The "reverse lookup zone" does the opposite of the "forward lookup zones"
- It maps IP addresses back to their domain names
- We need the reverse lookup zone to verify the identity of devices by resolving IP addresses to names
Why did I need to create a new PTR record from the A record of fw01-connor and ad01-connor, and what does creating a PTR record do?
- I created a PTR record to enable "reverse DNS" (see the Reverse Lookup Zone answer right above)
Why did I need to create a "named domain administrator account" and a "named non-privileged user account" and what do they do?
- The "named domain administrator account" has elevated privileges
- These privileges are used for managing and configuring the entire domain, such as adding or removing users, managing group policies, and controlling security settings
- The "named non-privileged user account" has limited access, allowing it to perform regular tasks without administrative access
- This account would be used for day-to-day activities like logging in, accessing shared files, and using applications
Why did I have to change wks01 DNS to 10.0.0.5?
- The DNS for wks01 needed to be changed to 10.0.0.5 (the IP address of my "domain controller, ad01") to make sure that wks01 uses my domain's DNS server for name resolution
- To join the domain ("connor.local"), wks01 needs to resolve the domain names and locate the domain controller ("ad01")
- By setting the DNS to 10.0.0.5, wks01 can communicate directly with the domain controller, find other devices on the network, and participate fully in the domain's network environment
Definitions
Active Directory Domain Services -
Forward lookup zone (DNS) -
Reverse lookup zone (DNS) -
Other: Administrator Password: Lacrossekid3
Named Domain Administrator Account
Username: connor.mccracken-adm@connor or
Password: Lacrossekid3
Named Non-Privileged User
Username: connor.mccracken@connor
Password: Lacrossekid3